Researcher Name: NSO Group (https://twitter.com/nsogroup)
The researchers demonstrated how unsafe developer tools can be. For example, they showed that simply cd’ing into a directory or opening a project in VSCode leads to RCE. They also demonstrated bypasses of package manager safety measures.
https://blog.sonarsource.com/securing-developer-tools-git-integrations/
https://blog.sonarsource.com/securing-developer-tools-package-managers/